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IN THE CLAIMS: 

T 

1 1 . (Currently Amended) A method for certificate generation that enables efficient 

2 revocation of said certificate, comprising: 

3 at a first node: 

4 receiving a request to issue a certificate on behalf of a principal; and 

5 forwarding said request to a second node, wherein said request includes a 

6 first identifier that identifies the first node; and 

7 at the second node: 

8 in response to receipt of the request, generating a certificate that includes said 

9 first identifier. 

1 2. (Original) The method of claim 1 wherein said request further includes a second 

2 identifier that identifies a principal. 

1 3. (Original) The method of claim 2 wherein said certificate further includes a public key 

2 associated with said principal, and said second identifier. 

1 4. (Previously Presented) The method of claim 1 further including authenticating said 

2 certificate by said second node. 

1 5. (Previously Presented) The method of claim 4 wherein authenticating said certificate 

2 comprises generating a certificate digitally signed by said second node. 

1 6. (Previously Presented) The method of claim 5 wherein generating said certificate signed 

2 by said second node comprises generating a certificate digitally signed by said second node 

3 using a private key of a public private key pair associated with said second node. 

1 7. (Original) The method of claim 1 wherein said certificate further includes a time stamp 

2 that identifies a time associated with the request. 

1 8. (Previously Presented) The method of claim 1 further including authenticating said 

2 request by said first node. 



-2- 



1 9. (Previously Presented) The method of claim 8 wherein authenticating said request by said 

2 first node comprises digitally signing said request. 

1 10. (Previously Presented) The method of claim 9 wherein digitally signing said request 

2 comprises the step of digitally signing said request using a private key of a public/private 

3 key pair associated with said first node. 

1 11. (Original) The method of claim 1 wherein said certificate further includes a time stamp 

2 that is associated with a time and date when said request was received by said second node. 

1 12. (Withdrawn) A method for determining whether access to a resource should be provided 

2 to a principal in response to a request for access to the resource by the principal comprising 

3 the steps of: 

4 receiving said request for access to said resource from said principal at a server; 

5 verifying the authenticity of said request using a key contained within a certificate 

6 associated with said principal; 

7 determining whether a registration authority identifier within said certificate 

8 corresponds to a registration identifier contained on a certificate revocation list, wherein said 

9 registration authority identifier is associated with a registration authority that requested a 

10 certification authority to generate said certificate; and 

1 1 providing an indication to said server that said certificate has been revoked and 

12 denying access of said principal to said resource in response to a determination that said 

13 registration authority identifier within said certificate corresponds to a registration authority 

14 identifier on said certificate revocation list. 

1 13. (Withdrawn) The method of claim 12 wherein said determining step further comprises 

2 the step of determining whether a time stamp contained within said certificate that specifies 

3 a time of receipt of a request from said registration authority to the certification authority to 

4 generate the certificate corresponds to a period identified on said certificate revocation list 

5 during which the respective registration authority is indicated to be untrustworthy; and 

6 said providing step comprises the step of providing said indication to said server that 

7 said certificate has been revoked and denying access of said principal to said resource in 

8 response to a determination that said registration authority identifier within said certificate 
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9 corresponds to said registration authority identifier on said certificate revocation list and said 

10 time stamp within said certificate corresponds to a time within said period identified on said 

1 1 certificate revocation list during which said registration authority was indicated to be 

12 untrustworthy. 

1 14. (Withdrawn) The method of claim 13 wherein said period has a beginning point and an 

2 assumed ending point, said beginning point being specified by a time value contained within 

3 said certificate revocation list and the assumed ending point corresponds to a present time 

4 value. 

1 15. (Withdrawn) The method of claim 13 wherein said period has a beginning point and an 

2 ending point, said beginning point being specified by a first time value and the ending point 

3 corresponds to a second time value. 

1 16. (Withdrawn) The method of claim 12 wherein said verifying and determining steps are 

2 performed by said server. 

1 17. (Currently Amended) A certification authority comprising: 

2 a memory containing a computer program for generating a certificate that enables 

3 efficient revocation of said certificate ; and 

4 a processor operative to execute said computer program, said computer program 

5 containing program code for: 

6 receiving a request from a registration authority to issue a certificate on 

7 behalf of a principal; and 

8 in response to receipt of said request, generating said certificate that includes 

9 at least a registration authority identifier associated with said registration authority. 

1 18. (Original) The certification authority of claim 17 wherein said request to issue said 

2 certificate is an authenticated request and said computer program further includes program 

3 code for verifying said authenticated request. 

1 19. (Previously Presented) The certification authority of claim 17 wherein said certificate 

2 generated by said computer program further includes a principal identifier associated with 

3 said principal and a key associated with said principal. 
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1 20. (Original) The certification authority of claim 17 wherein said computer program 

2 further includes program code for storing within said certificate a time stamp associated with 

3 a time when said certification authority received said request from said registration 

4 authority. 

1 21 . (Withdrawn) A system for determining whether access to a resource should be provided 

2 to a principal in response to a request for access to the resource by the principal comprising: 

3 a first server operative to receive a request for access to said resource from said 

4 principal, said first server being operative to verify the authenticity of said request using a 

5 key contained within said certificate associated with said principal, wherein said certificate 

6 includes at least a registration authority identifier associated with a registration authority that 

7 issued a request to a certification authority to issue said certificate; 

8 a second server containing a certificate revocation list, wherein said certificate 

9 revocation list includes said registration authority identifier in the event the associated 

10 registration authority has been determined to be untrustworthy, said second server being 

1 1 operative in response to a certificate revocation inquiry request to ascertain whether said 

12 certificate revocation list contains a registration authority identifier that corresponds to said 

13 registration authority identifier within said certificate; and 

14 said second server being further operative to provide an indication to said first server 

* 

15 that said certificate has been revoked in the event said certificate revocation list contains 

16 said registration authority identifier that corresponds to said registration authority identifier 

17 within said certificate. 

1 22. (Withdrawn) The system of claim 21 wherein said first and second server comprise a 

2 single server. 

1 23. (Withdrawn) The system of claim 21 wherein said first server is further operative in 

2 response to receipt of said indication that said certificate has been revoked to deny said 

3 principal access to said requested resource. 

1 24. (Withdrawn) The system of claim 21 wherein said certificate further includes a time 

2 stamp associated with a time when said certification authority received from said 

3 registration authority said request to issue said certificate on behalf of said principal; and 
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4 wherein said certificate revocation list includes said registration authority identifier 

5 in the event the associated registration authority has been determined to be untrustworthy 

6 and at least one value defining a time interval during which said registration authority is 

7 deemed to be untrustworthy, 

8 said second server being operative in response to a certificate revocation inquiry 

9 request to provide a revocation inquiry request to provide a revocation indication if said 

10 certificate revocation list contains a registration authority identifier that corresponds to said 

1 1 registration authority identifier within said certificate and a time stamp associated with said 

12 registration authority identifier that is within said interval. 

1 25. (Withdrawn) The system of claim 23 wherein said second server comprises a revocation 

2 server. 

1 26. (Withdrawn) The system of claim 25 wherein said revocation server is further operative 

2 in response to said revocation indication to forward a certificate revocation message to said 

3 first server that indicates that said certificate has been revoked. 

1 27. (Withdrawn) The system of claim 26 wherein said first server is operative in response to 

2 said certificate revocation message to deny said principal access to said requested resource. 

1 28. (Currently Amended) A computer program product including a computer readable 

2 medium, said computer readable medium having a computer program stored thereon for 

3 generating a certificate that enables efficient revocation of said certificate , said computer 

4 program being executable by a processor and comprising: 

5 program code for receiving a request from a registration authority to issue a 

6 certificate on behalf of a principal; and 

7 program code operative in response to recognition of said request, for generating by 

8 a certification authority a certificate authenticated by said certification authority wherein 

« 

9 said certificate includes at least a principal identifier associated with said principal, a key 

10 associated with said principal for use in authenticating messages generated by said principal, 

1 1 and a registration identifier associated with said registration authority. 
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1 29. (Original) The computer program product of claim 28 wherein said program code for 

2 generating said certificate is further operative to include within said certificate a time stamp 

3 associated with a time or receipt by said certification authority of said request from said 

4 registration authority of said request to issue said certificate. 

1 30. (Currently Amended) A computer data signal, said computer data signal including a 

2 computer program for use in generating a certificate that enables efficient revocation of said 

3 certificate , said computer program comprising: 

4 program code for receiving a request from a registration authority to issue a 

5 certificate on behalf of a principal; and 

6 program code operative in response to recognition of said request, for generating by 

7 a certification authority a certificate authenticated by said certification authority wherein 

8 said certificate includes at least a principal identifier associated with said principal, a key 

9 associated with said principal for use in authenticating messages generated by said principal, 
10 and a registration identifier associated with said registration authority. 

1 31. (Original) The computer data signal of claim 30 wherein said program code for 

2 generating said certificate is operative to include within said certificate a time stamp 

3 associated with a time of receipt by said certification authority from said registration 

4 authority of said request to issue said certificate. 

1 32. (Original) The computer data signal of claim 30 wherein said computer program further 

2 includes program code for publishing said certificate. 

1 33. (Previously Presented) The computer data signal of claim 32 wherein said program code 

2 for publishing said certificate includes program code for forwarding said certificate to a 

3 directory server. 

1 34. (Currently Amended) An apparatus for generating a certificate in a computer network, 

2 wherein said generating of said certificate enables efficient revocation of said certificate, the 

3 apparatus comprising: 

4 means operative in response to receipt of a request from a first node coupled to said 

5 computer network at a second node coupled to said computer network for generating at said 
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6 second node a certificate on behalf of a principal that includes a first node identifier 

7 associated with said first node. 



1 35. (Currently Amended) The apparatus of claim 34 wherein said request was initiated by-a 

2 said p rincipal and said request includes a principal identifier associated with said principal 

3 and said certificate further includes said principal identifier and a public key associated with 

4 said principal. 

1 36. (Original) The apparatus of claim 34 wherein said certificate is authenticated by said 

2 second node. 

1 37. (Previously Presented) The apparatus of claim 34 further including means for 

2 comparing said first node identifier to a node identifier associated with an untrustworthy 

3 node on said network that is included within a certificate revocation list and providing an 

4 indication that said certificate is untrustworthy in the event said first node identifier matches 

5 said untrustworthy node identifier. 
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